US9965639B2 - Source authentication of a software product - Google Patents

Source authentication of a software product Download PDF

Info

Publication number
US9965639B2
US9965639B2 US14/801,967 US201514801967A US9965639B2 US 9965639 B2 US9965639 B2 US 9965639B2 US 201514801967 A US201514801967 A US 201514801967A US 9965639 B2 US9965639 B2 US 9965639B2
Authority
US
United States
Prior art keywords
key
compound key
program instructions
entry
value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US14/801,967
Other versions
US20170017798A1 (en
Inventor
Badekila Ganesh Prashanth Bhat
Nageswararao V. Gokavarapu
John Kurian
Raghavendran Srinivasan
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp filed Critical International Business Machines Corp
Priority to US14/801,967 priority Critical patent/US9965639B2/en
Publication of US20170017798A1 publication Critical patent/US20170017798A1/en
Application granted granted Critical
Publication of US9965639B2 publication Critical patent/US9965639B2/en
Application status is Active legal-status Critical
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
    • H04L63/0823Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network using certificates

Abstract

Embodiments of the present invention provide systems and methods for authenticating the source code of a software end product. The method includes generating a compound key, which is composed of a set of unique keys generated from a source file. A set of files are separately build based on a received source code, and a key generated and embedded into the files at the time of the build. A validation tool is used to compare the values of the generated compound key to the values of the embedded key to determine if the values match.

Description

BACKGROUND OF THE INVENTION

The present invention relates generally to the field of software design, and more particularly to authenticating source code of a software product.

A typical life-cycle of software includes delivering the package to the customer as an installer pack and then delivering fix packs to the customer. Fix packs often include the bug fixes and other feature enhancements. Fix packs refer to a set of files, which have been altered from the base product that was given to the customer. Often, multiple fix packs are delivered for the same product, over a period of time.

Normal procedures of building fix packs and software products involve extracting the files from a central repository or multiple repositories, and building it on the applicable platforms on a build environment customized for the software. In addition to standard fix packs, there can also be customized fixes that get built and delivered to meet the specific needs of a particular customer. The complexity of the build process varies across software and it may be a common scenario to extract thousands of files for building the fix packs in larger software.

SUMMARY

According to one embodiment of the present invention, a method for authenticating source code is provided, the method comprising: receiving, by one or more processors, at least one source file; generating, by a key generator, a compound key, wherein the compound key comprises a set of keys generated from the at least one source file; building, by one or more processors, a set of files, based on a source code from the at least one source file; generating, by the key generator, a value associated with each file of the set of files; and comparing, by a key validation tool, the compound key and the value to determine if said compound key is equivalent to said value.

According to another embodiment of the present invention, a computer program product for authenticating source code is provided, the computer program product comprising: a computer readable storage medium and program instructions stored on the computer readable storage medium, the program instructions comprising: program instructions to receive at least one source file; program instructions to generate a compound key, wherein the compound key comprises a set of keys generated from the at least one source file; program instructions to build a set of files, based on a source code from the at least one source file; program instructions to generate a value associated with each file of the set of files; and program instructions to compare the compound key and the value to determine if said compound key is equivalent to said value.

According to another embodiment of the present invention, a system for authenticating source code is provided, the system comprising: one or more computer processors; one or more computer readable storage media; program instructions stored on the one or more computer readable storage media for execution by at least one of the one or more processors, the program instructions comprising: program instructions to receive at least one source file; program instructions to generate a compound key, wherein the compound key comprises a set of keys generated from the at least one source file; program instructions to build a set of files, based on a source code from the at least one source file; program instructions to generate a value associated with each file of the set of files; and program instructions to compare the compound key and the value to determine if said compound key is equivalent to said value.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 depicts a block diagram illustrating a distributed product validation system, in accordance with an embodiment of the present invention;

FIG. 2 depicts a flowchart illustrating operational steps of a product build and delivery process, in accordance with an embodiment of the present invention;

FIG. 3 depicts a flowchart illustrating operational steps of an end user download process from a central fix repository, in accordance with an embodiment of the present invention; and

FIG. 4 depicts a block diagram of components of a computing device, in accordance with an illustrative embodiment of the present invention.

DETAILED DESCRIPTION

A typical life-cycle of software includes delivering the package to the customer as an installer pack and then delivering fix packs to the customer. When a fix pack is delivered to the customer, incorrect or unauthorized files may sometimes be inadvertently included in the fix pack. Embodiments of the present invention provide systems and methods to generate a compound key during the extraction of a source code and to generate a separate key in each file during the build process, in order to validate that the delivered product matches the intended source, by comparing the generated compound key to the separately generated keys from each file.

The present invention will now be described in detail with reference to the Figures. FIG. 1 depicts a block diagram illustrating a distributed product validation system (“system”), generally designated 100, in accordance with an embodiment of the present invention. Modifications to system 100 may be made by those skilled in the art without departing from the scope of the invention as recited by the claims. In an exemplary embodiment, system 100 includes computing device 110, central fix repository 120, and end user device 130, all interconnected over network 140.

Network 140 can be, for example, a local area network (LAN), a wide area network (WAN) such as the Internet, or a combination of the two, and can include wired, wireless, or fiber optic connections. In general, network 140 can be any combination of connections and protocols that will support communication and/or access between computing device 110, central fix repository 120, and end user device 130.

Computing device 110 includes version control manager 112 and key generator 114. In various embodiments of the present invention, computing device 110 can be a laptop computer, a tablet computer, a netbook computer, a personal computer (PC), a desktop computer, a personal digital assistant (PDA), a smart phone, a thin client, or any programmable electronic device capable of executing computer readable program instructions. Computing device 110 may include internal and external hardware components, as depicted and described in further detail with respect to FIG. 4.

Version control manager 112 receives the source code from a developer and associates each source with a field to maintain a generated key. Version control manager 112 causes a compound key (composed of the unique keys of all of the sources) to be generated during source code extraction, during which a unique hash function is appended into the compound key. The hash function is later compared to the end product to ensure the customer receives the correct level of source code in the end product.

Key generator 114 is a component of the version control manager 112 which automatically generates a unique key for each of the received source files, responsive to a developer checking in the source code. The unique key can be based on the file name, file location, file size, the hash of the file, etc., such that any change in the source file will result in a change in the generated unique key. In this exemplary embodiment, key generator 114 generates a key during both the source code extraction and the build process. The key generated by key generator 114 is propagated across all of the source files.

Central fix repository 120 includes key validation tool 122. Central fix repository 120 may be a management server, a web server, or any other electronic device, or computing system capable of receiving and sending data. In other embodiments, central fix repository 120 can be a laptop computer, a tablet computer, a netbook computer, a personal computer (PC), a desktop computer, a personal digital assistant (PDA), a smart phone, or any programmable electronic device capable of communicating with computing device 110 and end user device 130 via network 140, and with various components and devices within system 100. In other embodiments, central fix repository 120 can represent a computing system utilizing clustered computers and components to act as a single pool of seamless resources when accessed through a network. In this exemplary embodiment, central fix repository 120 can store source code for building bug fixes. Central fix repository 120 can be accessed by end user device 130. Central fix repository 120 may include internal and external hardware components, as depicted and described in further detail with respect to FIG. 4.

Key validation tool 122 is a program supplied by the end product. Key validation tool 122 identifies and validates the built keys of the end product by validating the published compound key with the embedded keys in each binary. Key validation tool 122 scans the compound key, and for each entry in the compound key, key validation tool 122 searches for the entry in the binary files. If a match is found, the binary values are compared to validate the correctness.

End user device 130 can be a laptop computer, a tablet computer, a netbook computer, a personal computer (PC), a desktop computer, a personal digital assistant (PDA), a smart phone, a thin client, or any programmable electronic device capable of executing computer readable program instructions. In this exemplary embodiment, end user device 130 can access and install bug fixes from central fix repository 120. In some embodiments, a copy of key validation tool 122 resides on end user device 130, in order to validate a downloaded bug fix from central fix repository 120. In other embodiments of the present invention, many end user devices may be implemented in system 100. End user device 130 may include internal and external hardware components, as depicted and described in further detail with respect to FIG. 4.

FIG. 2 depicts flowchart 200 illustrating operational steps of a product build and delivery process, in accordance with an embodiment of the present invention. Two example source files are used through FIG. 2: (1) src/abc.c (2) src/pqr.c. Source file src/abc.c builds into abc.o (i.e., object file) and src/pqr.c builds into pqr.o (i.e., object file). The two object files are combined to create a final binary executable: abcpqr.

In step 202, version control manager 112 receives the source code from the developer and generates a unique key. In this exemplary embodiment, in response to receiving the source code from a developer, version control manager 112 generates a unique key for the source file. Each source file has a reserved field. For example, using the above example source files (i.e., src/abc.c and src/pqr.c), the below example string is used as the field that is recognized by version control manager 112 and the later build system to embed values within the source files:

    • const char* file_key=“<pathname><hashvalue><source file size>”

Each source code received from the developer is associated with a field in version control manager 112, in order to maintain the key. The key generated is propagated across all of the source files. The source code for building the fixes can be obtained from a single repository, multiple repositories, or repositories which operate in a cloud computing environment.

In step 204, version control manager 112 generates a compound key. In this exemplary embodiment, during a source code extraction process, version control manager 112 generates a compound key, which includes the unique keys generated from all of the source files (step 202). Specifically, during the source code extraction process, version control manager 112 adds a row into the generated compound key file, which includes both the source path and a value. The value is based on a hash function run on the source file and the size of the source file. The generated compound key is used to validate the built code after the end product has been delivered. For example, using the above example source files (i.e., src/abc.c and src/pqr.c), the generated compound key may be:

    • src/abc.c 4A21 2500B
    • src/pqr.c 505F 2769B

In step 206, the build system collates the source from the repositories, initiates the build process, and injects the key into the source files. The source can be a file with code to compile, or a binary file, such as pictures or maps. In this exemplary embodiment, key generator 114 generates a key for each file being built, and embeds the generated key into the file. During the build process, the same hash function is executed on each source file, prior to the compilation phase, and the value (i.e., the key) is embedded within the source code itself. During the build process, depending on the type of source, the key is injected either as metadata, or as an entry in the source files, on the files being built. As these are constant or static value fields, the key embedded within the source files is propagated into all of the binary objects where the particular source is built. For example, using the above example source files (i.e., src/abc.c and src/pqr.c), after the build process, source file abc.c and source file pqr.c contain, respectively:

    • const char* file_key=“src/abc.c 4A21 2500B”
    • const char* file_key=“src/pqr.c 505F 2769B”

This ensures that there have been no other modifications to the source file after the extraction process. The value embedded during the build process should eventually match the compound key generated by version control manager 112.

In step 208, a key validation tool and the compound key are packaged with the final deliverables, in order to validate the build keys in the final product. In this exemplary embodiment, key validation tool 122 is supplied along with the product that is used to validate the final binaries using the compound key created by version control manager 112 (i.e., step 204) with the key generated and embedded during the build process (i.e., step 206). In this exemplary embodiment, the key validation tool and the compound key are packaged with the final product as an installable product binary.

In step 210, key validation tool 122 is used to validate the end product deliverables using the generated compound key, before publishing the end product to an end user (i.e., a customer). In this exemplary embodiment, after the installable product binary has been installed in a test machine, key validation tool 122 is used to validate the final product by comparing the supplied compound key and the embedded key generated during the build process, in each binary. Key validation tool 122 scans the compound key, and for each entry in the compound key, key validation tool 122 searches for the entry in the binary files. Once a match is found, the values are compared in order to validate the correctness. In this manner, any incorrect files are detected during the validation process, before the files are uploaded to central fix repository 120 for an end user to download. This process also ensures that the proper level of fix is used when publishing the end product deliverables. For example, using the above example source files (i.e., src/abc.c and src/pqr.c), the first entry in the compound key is:

    • src/abc.c 4A21 2500B

In this example, key validation tool 122 scans all of the binaries for the entry ‘src/abc.c’, and a match is found for the ‘abcpqr’ binary. The corresponding value in the binary is matched with the value from the compound key in order to validate the correctness.

In step 212, the fix is uploaded to central fix repository 120, if no issues are detected during the validation process. In this exemplary embodiment, if no issues are determined when comparing the compound key with the generated keys using key validation tool 122, then the fix is uploaded to central fix repository 120, along with the corresponding compound key. In some embodiments, the compound key can be encrypted before publishing the fix and key validation tool 122 can decrypt the key before validation, if revealing the source code files in the compound key is a concern. End users may then access and download one or more fixes from central fix repository 120.

FIG. 3 depicts a flowchart 300 illustrating operational steps of an end user download process from central fix repository 120, in accordance with an embodiment of the present invention.

In step 302, an end user downloads a fix from central fix repository 120, and installs the fix onto end user device 130.

In step 304, the key validation tool 122 is run after the end user installs the product. This allows the end user to validate the installed fix, by comparing the compound key and generated keys using key validation tool 122. The end user may validate that the downloaded fix and the installed fix match the expected source level of the end product (using a method similar to the process described in step 210 of FIG. 2).

By performing the operational steps of FIGS. 2 and 3, the source, build, and end deliverables of a product code can be synchronized, and errors can be readily detected. The process can ensure that the built deliverable matches the intended level of source code at the time of dispatch from the delivery point, as well as, at the end user.

FIG. 4 is a block diagram of internal and external components of a computing device, generally designated 400, which is representative of the computing devices of FIG. 1, in accordance with an embodiment of the present invention. It should be appreciated that FIG. 4 provides only an illustration of one implementation and does not imply any limitations with regard to the environments in which different embodiments may be implemented. Many modifications to the depicted environment may be made.

Computing device 400 includes communications fabric 408, which provides communications between computer processor(s) 402, memory 404, cache 406, persistent storage 410, communications unit 414, and input/output (I/O) interface(s) 412. Communications fabric 408 can be implemented with any architecture designed for passing data and/or control information between processors (such as microprocessors, communications and network processors, etc.), system memory, peripheral devices, and any other hardware components within a system. For example, communications fabric 408 can be implemented with one or more buses.

Memory 404 and persistent storage 410 are computer-readable storage media. In this embodiment, memory 404 includes random access memory (RAM). In general, memory 404 can include any suitable volatile or non-volatile computer readable storage media. Cache 406 is a fast memory that enhances the performance of processors 402 by holding recently accessed data, and data near recently accessed data, from memory 404.

Program instructions and data used to practice embodiments of the present invention may be stored in persistent storage 410 and in memory 404 for execution by one or more of the respective processors 402 via cache 406. In an embodiment, persistent storage 410 includes a magnetic hard disk drive. Alternatively, or in addition to a magnetic hard disk drive, persistent storage 410 can include a solid state hard drive, a semiconductor storage device, read-only memory (ROM), erasable programmable read-only memory (EPROM), flash memory, or any other computer readable storage media that is capable of storing program instructions or digital information.

The media used by persistent storage 410 may also be removable. For example, a removable hard drive may be used for persistent storage 410. Other examples include optical and magnetic disks, thumb drives, and smart cards that are inserted into a drive for transfer onto another computer-readable storage medium that is also part of persistent storage 410.

Communications unit 414, in these examples, provides for communications with other data processing systems or devices, including resources of network 140. In these examples, communications unit 414 includes one or more network interface cards. Communications unit 414 may provide communications through the use of either or both physical and wireless communications links. Program instructions and data used to practice embodiments of the present invention may be downloaded to persistent storage 410 through communications unit 414.

I/O interface(s) 412 allows for input and output of data with other devices that may be connected to computing device 400. For example, I/O interface 412 may provide a connection to external devices 416 such as a keyboard, keypad, a touch screen, and/or some other suitable input device. External devices 416 can also include portable computer-readable storage media such as, for example, thumb drives, portable optical or magnetic disks, and memory cards. Software and data used to practice embodiments of the present invention (e.g., software and data) can be stored on such portable computer-readable storage media and can be loaded onto persistent storage 410 via I/O interface(s) 412. I/O interface(s) 412 also connect to a display 418.

Display 418 provides a mechanism to display data to a user and may be, for example, a computer monitor, or a television screen.

The present invention may be a system, a method, and/or a computer program product. The computer program product may include a computer readable storage medium (or media) having computer readable program instructions thereon for causing a processor to carry out aspects of the present invention.

The computer readable storage medium can be a tangible device that can retain and store instructions for use by an instruction execution device. The computer readable storage medium may be, for example, but is not limited to, an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing. A non-exhaustive list of more specific examples of the computer readable storage medium includes the following: a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), a static random access memory (SRAM), a portable compact disc read-only memory (CD-ROM), a digital versatile disk (DVD), a memory stick, a floppy disk, a mechanically encoded device such as punch-cards or raised structures in a groove having instructions recorded thereon, and any suitable combination of the foregoing. A computer readable storage medium, as used herein, is not to be construed as being transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission media (e.g., light pulses passing through a fiber-optic cable), or electrical signals transmitted through a wire.

Computer readable program instructions described herein can be downloaded to respective computing/processing devices from a computer readable storage medium or to an external computer or external storage device via a network, for example, the Internet, a local area network, a wide area network and/or a wireless network. The network may comprise copper transmission cables, optical transmission fibers, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers. A network adapter card or network interface in each computing/processing device receives computer readable program instructions from the network and forwards the computer readable program instructions for storage in a computer readable storage medium within the respective computing/processing device.

Computer readable program instructions for carrying out operations of the present invention may be assembler instructions, instruction-set-architecture (ISA) instructions, machine instructions, machine dependent instructions, microcode, firmware instructions, state-setting data, or either source code or object code written in any combination of one or more programming languages, including an object oriented programming language such as Smalltalk, C++ or the like, and conventional procedural programming languages, such as the “C” programming language or similar programming languages. The computer readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider). In some embodiments, electronic circuitry including, for example, programmable logic circuitry, field-programmable gate arrays (FPGA), or programmable logic arrays (PLA) may execute the computer readable program instructions by utilizing state information of the computer readable program instructions to personalize the electronic circuitry, in order to perform aspects of the present invention.

Aspects of the present invention are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer readable program instructions.

These computer readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. These computer readable program instructions may also be stored in a computer readable storage medium that can direct a computer, a programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer readable storage medium having instructions stored therein comprises an article of manufacture including instructions which implement aspects of the function/act specified in the flowchart and/or block diagram block or blocks.

The computer readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other device to cause a series of operational steps to be performed on the computer, other programmable apparatus or other device to produce a computer implemented process, such that the instructions which execute on the computer, other programmable apparatus, or other device implement the functions/acts specified in the flowchart and/or block diagram block or blocks.

The flowchart and block diagrams in the Figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts or carry out combinations of special purpose hardware and computer instructions.

The descriptions of the various embodiments of the present invention have been presented for purposes of illustration, but are not intended to be exhaustive or limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the invention. The terminology used herein was chosen to best explain the principles of the embodiment, the practical application or technical improvement over technologies found in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.

Claims (11)

What is claimed is:
1. A method for authenticating source code, the method comprising:
extracting, by one or more processors, source code having at least one source file having at least one reserved field;
generating, by a key generator, a compound key comprising the at least one source file, a hash function run on the at least one source file, and a file size of the at least one source file;
building, by one or more processors, a set of files, based on the source code from the at least one source file;
injecting, by one or more processors, a generated value based on the compound key into each file of the built set of files either as metadata or as an entry in the at least one source file;
comparing, by a key validation tool, the compound key and the generated value to determine if said compound key is equivalent to said generated value;
producing, by one or more processors, a final product, wherein the final product comprises: the key validation tool and the generated compound key;
determining, by one or more processors, whether there is a difference between the compound key and the generated value; and
in response to determining that there is not a difference between the compound key and the value, loading the final product to a repository.
2. The method of claim 1, wherein comparing, by the key validation tool, the compound key and the value to determine if said compound key is equivalent to said value comprises:
scanning, by the key validation tool, the compound key;
for a compound key entry, searching, by the key validation tool, the set of files for an entry which matches the entry in the compound key; and
responsive to detecting an entry in the set of files which matches the entry in the compound key, comparing a value associated with the entry in the set of files to a value associated with the entry in the compound key, to determine if the value associated with the entry in the set of files is equivalent to the value associated with the entry in the compound key.
3. The method of claim 1, wherein extracting, by one or more processors, source code having at least one source file having at least one reserve field-comprises:
adding, by a manager, a row to the compound key, wherein the row comprises:
a source path; and
information associated with the at least one source file.
4. The method of claim 1, further comprising:
receiving, by a manager, the source code from the at least one source file; and
generating, by the manager, a unique key for the at least one source file, wherein the unique key comprises information associated with the at least one source file.
5. A computer program product for authenticating source code, the computer program product comprising:
a computer readable storage medium and program instructions stored on the computer readable storage medium, the program instructions comprising:
program instructions to extract source code having at least one source file having at least one reserved field;
program instructions to generate a compound key comprising the at least one source file, a hash function run on the at least one source file, and a file size of the at least one source file;
program instructions to build a set of files, based on the source code from the at least one source file;
program instructions to inject a generated value based on the compound key into each file of the built set of files either as metadata or as an entry in the at least one source file;
program instructions to compare the compound key and the value to determine if said compound key is equivalent to said generated value;
program instructions to produce a final product, wherein the final product comprises: a key validation tool and the generated compound key;
program instructions to determine whether there is a difference between the compound key and the generated value; and
program instructions to, in response to determining that there is not a difference between the compound key and the value, load the final product to a repository.
6. The computer program product of claim 5, wherein the program instructions to compare the compound key and the value to determine if said compound key is equivalent to said value comprise:
program instructions to scan the compound key;
program instructions to, for a compound key entry, search the set of files for an entry which matches the entry in the compound key; and
program instructions to, responsive to detecting an entry in the set of files which matches the entry in the compound key, compare a value associated with the entry in the set of files to a value associated with the entry in the compound key, to determine if the value associated with the entry in the set of files is equivalent to the value associated with the entry in the compound key.
7. The computer program product of claim 5, wherein extracting, by one or more processors, source code having at least one source file having at least one reserve field comprises:
program instructions to add a row to the compound key, wherein the row comprises:
a source path; and
information associated with the at least one source file.
8. The computer program product of claim 5, further comprising:
program instructions to receive the source code from the at least one source file; and
program instructions to generate a unique key for the at least one source file, wherein the unique key comprises information associated with the at least one source file.
9. A system for authenticating source code, the system comprising:
one or more computer processors;
one or more computer readable storage media;
program instructions to extract source code having at least one source file having at least one reserved field;
program instructions to generate a compound key comprising the at least one source file, a hash function run on the at least one source file, and a file size of the at least one source file;
program instructions to build a set of files, based on the source code from the at least one source file;
program instructions to inject a generated value based on the compound key into each file of the built set of files either as metadata or as an entry in the at least one source file;
program instructions to compare the compound key and the value to determine if said compound key is equivalent to said generated value;
program instructions to produce a final product, wherein the final product comprises: a key validation tool and the generated compound key;
program instructions to determine whether there is a difference between the compound key and the generated value; and
program instructions to, in response to determining that there is not a difference between the compound key and the value, load the final product to a repository.
10. The system of claim 9, wherein the program instructions to compare the compound key and the value to determine if said compound key is equivalent to said value comprise:
program instructions to scan the compound key;
program instructions to, for a compound key entry, search the set of files for an entry which matches the entry in the compound key; and
program instructions to, responsive to detecting an entry in the set of files which matches the entry in the compound key, compare a value associated with the entry in the set of files to a value associated with the entry in the compound key, to determine if the value associated with the entry in the set of files is equivalent to the value associated with the entry in the compound key.
11. The system of claim 9, further comprising:
program instructions to receive the source code from the at least one source file; and
program instructions to generate a unique key for the at least one source file, wherein the unique key comprises information associated with the at least one source file.
US14/801,967 2015-07-17 2015-07-17 Source authentication of a software product Active 2035-12-01 US9965639B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US14/801,967 US9965639B2 (en) 2015-07-17 2015-07-17 Source authentication of a software product

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US14/801,967 US9965639B2 (en) 2015-07-17 2015-07-17 Source authentication of a software product
US15/943,860 US20180225470A1 (en) 2015-07-17 2018-04-03 Source authentication of a software product

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US15/943,860 Continuation US20180225470A1 (en) 2015-07-17 2018-04-03 Source authentication of a software product

Publications (2)

Publication Number Publication Date
US20170017798A1 US20170017798A1 (en) 2017-01-19
US9965639B2 true US9965639B2 (en) 2018-05-08

Family

ID=57775086

Family Applications (2)

Application Number Title Priority Date Filing Date
US14/801,967 Active 2035-12-01 US9965639B2 (en) 2015-07-17 2015-07-17 Source authentication of a software product
US15/943,860 Pending US20180225470A1 (en) 2015-07-17 2018-04-03 Source authentication of a software product

Family Applications After (1)

Application Number Title Priority Date Filing Date
US15/943,860 Pending US20180225470A1 (en) 2015-07-17 2018-04-03 Source authentication of a software product

Country Status (1)

Country Link
US (2) US9965639B2 (en)

Citations (47)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5781629A (en) * 1994-10-28 1998-07-14 Surety Technologies, Inc. Digital document authentication system
US6151708A (en) * 1997-12-19 2000-11-21 Microsoft Corporation Determining program update availability via set intersection over a sub-optical pathway
US6377589B1 (en) * 1996-11-26 2002-04-23 British Telecommunications Public Limited Company Communications system
US6393420B1 (en) * 1999-06-03 2002-05-21 International Business Machines Corporation Securing Web server source documents and executables
US6457170B1 (en) 1999-08-13 2002-09-24 Intrinsity, Inc. Software system build method and apparatus that supports multiple users in a software development environment
US20030216172A1 (en) * 2000-08-21 2003-11-20 Lemay Steven G. Method and apparatus for software authentication
US20040044996A1 (en) * 2002-08-29 2004-03-04 Dario Atallah System and method for verifying installed software
US20040123102A1 (en) * 2001-05-03 2004-06-24 Christian Gehrmann Method and system for data integrity protection
US20040210883A1 (en) * 2003-04-17 2004-10-21 International Business Machines Corporation Method and apparatus for building executable computer programs using compiled program libraries
US20050144599A1 (en) * 2003-12-26 2005-06-30 Microsoft Corporation Source server
US6915302B1 (en) * 1999-10-01 2005-07-05 International Business Machines Corporation Method, system, and program for accessing files in a file system
US6931549B1 (en) * 2000-05-25 2005-08-16 Stamps.Com Method and apparatus for secure data storage and retrieval
US20050188214A1 (en) * 2004-02-23 2005-08-25 Worley John S. Authenticatable software modules
US20050257205A1 (en) * 2004-05-13 2005-11-17 Microsoft Corporation Method and system for dynamic software updates
US20060015746A1 (en) * 2004-07-14 2006-01-19 Matsushita Electric Industrial Co., Ltd. Method for authenticating and executing a program
US7032240B1 (en) * 1999-12-07 2006-04-18 Pace Anti-Piracy, Inc. Portable authorization device for authorizing use of protected information and associated method
US20060101408A1 (en) * 2004-10-20 2006-05-11 Nokia Corporation Terminal, method and computer program product for validating a software application
US20060161761A1 (en) * 2005-01-18 2006-07-20 Microsoft Corporation Systems and methods for validating executable file integrity using partial image hashes
US20070005992A1 (en) * 2005-06-30 2007-01-04 Travis Schluessler Signed manifest for run-time verification of software program identity and integrity
US7290288B2 (en) * 1997-06-11 2007-10-30 Prism Technologies, L.L.C. Method and system for controlling access, by an authentication server, to protected computer resources provided via an internet protocol network
US20080104403A1 (en) * 2006-09-29 2008-05-01 Shay Gueron Methods and apparatus for data authentication with multiple keys
US7373345B2 (en) * 2003-02-21 2008-05-13 Caringo, Inc. Additional hash functions in content-based addressing
US20090031170A1 (en) * 2007-07-26 2009-01-29 Teppei Tsurumi System and method to facilitate automatic globalization verification test
US20090055658A1 (en) * 2003-10-23 2009-02-26 Hyser Chris D Authenticating and Verifying an Authenticable and Verifiable Module
US20090287473A1 (en) * 2008-05-15 2009-11-19 International Business Machines Corporation Method for Distributing Translated Resources from a Unified Source
US20100062844A1 (en) * 2003-03-05 2010-03-11 Bally Gaming, Inc. Authentication and validation systems for gaming devices
US7774320B1 (en) * 2005-04-01 2010-08-10 Apple Inc. Verifying integrity of file system data structures
US7802087B2 (en) 2003-03-10 2010-09-21 Igt Universal method for submitting gaming machine source code software to a game certification laboratory
US20100299315A1 (en) * 2005-08-09 2010-11-25 Nexsan Technologies Canada Inc. Data archiving system
US20110214188A1 (en) 1998-06-10 2011-09-01 Auckland Uniservices Limited Software watermarking techniques
US20110283085A1 (en) * 2010-05-17 2011-11-17 Oracle International Corporation System and method for end-to-end data integrity in a network file system
CN102945241A (en) * 2011-10-28 2013-02-27 新游游戏株式会社 Hash data structure used for file comparison,hash comparison system and method
US20130103651A1 (en) * 2011-10-23 2013-04-25 Microsoft Corporation Telemetry file hash and conflict detection
US20130151861A1 (en) * 2011-12-08 2013-06-13 Raytheon Company System and method to protect computer software from unauthorized use
US8527979B2 (en) * 2007-02-15 2013-09-03 Oracle America, Inc. Apparatus and method fro maintaining a software repository
US20140013390A1 (en) * 2012-07-05 2014-01-09 Cyber-Ark Software Ltd. System and method for out-of-band application authentication
US8667273B1 (en) * 2006-05-30 2014-03-04 Leif Olov Billstrom Intelligent file encryption and secure backup system
US8838964B2 (en) 2010-11-30 2014-09-16 Red Hat, Inc. Package audit tool
US20150033202A1 (en) 2013-07-26 2015-01-29 Fujitsu Limited Method and apparatus for porting source code
US8983870B2 (en) * 2010-08-18 2015-03-17 Snap-On Incorporated Apparatus and method for managing software applications using partitioned data storage devices
US8984293B2 (en) * 2010-11-19 2015-03-17 Microsoft Corporation Secure software product identifier for product validation and activation
US20150161153A1 (en) * 2013-12-06 2015-06-11 International Business Machines Corporation File versions within content addressable storage
US9336389B1 (en) * 2013-08-19 2016-05-10 Amazon Technologies, Inc. Rapid malware inspection of mobile applications
US20160253769A1 (en) * 2015-02-26 2016-09-01 Don Waldhalm Method of preserving secrecy during source code comparison
US20160285636A1 (en) * 2015-03-27 2016-09-29 Comcast Cable Communications, Llc Methods And Systems For Key Generation
US20160380771A1 (en) * 2013-12-16 2016-12-29 Morpho Binary code authentication
US20170031669A1 (en) * 2014-04-30 2017-02-02 Allscripts Software, Llc Software verification system and methods

Patent Citations (47)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5781629A (en) * 1994-10-28 1998-07-14 Surety Technologies, Inc. Digital document authentication system
US6377589B1 (en) * 1996-11-26 2002-04-23 British Telecommunications Public Limited Company Communications system
US7290288B2 (en) * 1997-06-11 2007-10-30 Prism Technologies, L.L.C. Method and system for controlling access, by an authentication server, to protected computer resources provided via an internet protocol network
US6151708A (en) * 1997-12-19 2000-11-21 Microsoft Corporation Determining program update availability via set intersection over a sub-optical pathway
US20110214188A1 (en) 1998-06-10 2011-09-01 Auckland Uniservices Limited Software watermarking techniques
US6393420B1 (en) * 1999-06-03 2002-05-21 International Business Machines Corporation Securing Web server source documents and executables
US6457170B1 (en) 1999-08-13 2002-09-24 Intrinsity, Inc. Software system build method and apparatus that supports multiple users in a software development environment
US6915302B1 (en) * 1999-10-01 2005-07-05 International Business Machines Corporation Method, system, and program for accessing files in a file system
US7032240B1 (en) * 1999-12-07 2006-04-18 Pace Anti-Piracy, Inc. Portable authorization device for authorizing use of protected information and associated method
US6931549B1 (en) * 2000-05-25 2005-08-16 Stamps.Com Method and apparatus for secure data storage and retrieval
US20030216172A1 (en) * 2000-08-21 2003-11-20 Lemay Steven G. Method and apparatus for software authentication
US20040123102A1 (en) * 2001-05-03 2004-06-24 Christian Gehrmann Method and system for data integrity protection
US20040044996A1 (en) * 2002-08-29 2004-03-04 Dario Atallah System and method for verifying installed software
US7373345B2 (en) * 2003-02-21 2008-05-13 Caringo, Inc. Additional hash functions in content-based addressing
US20100062844A1 (en) * 2003-03-05 2010-03-11 Bally Gaming, Inc. Authentication and validation systems for gaming devices
US7802087B2 (en) 2003-03-10 2010-09-21 Igt Universal method for submitting gaming machine source code software to a game certification laboratory
US20040210883A1 (en) * 2003-04-17 2004-10-21 International Business Machines Corporation Method and apparatus for building executable computer programs using compiled program libraries
US20090055658A1 (en) * 2003-10-23 2009-02-26 Hyser Chris D Authenticating and Verifying an Authenticable and Verifiable Module
US20050144599A1 (en) * 2003-12-26 2005-06-30 Microsoft Corporation Source server
US20050188214A1 (en) * 2004-02-23 2005-08-25 Worley John S. Authenticatable software modules
US20050257205A1 (en) * 2004-05-13 2005-11-17 Microsoft Corporation Method and system for dynamic software updates
US20060015746A1 (en) * 2004-07-14 2006-01-19 Matsushita Electric Industrial Co., Ltd. Method for authenticating and executing a program
US20060101408A1 (en) * 2004-10-20 2006-05-11 Nokia Corporation Terminal, method and computer program product for validating a software application
US20060161761A1 (en) * 2005-01-18 2006-07-20 Microsoft Corporation Systems and methods for validating executable file integrity using partial image hashes
US7774320B1 (en) * 2005-04-01 2010-08-10 Apple Inc. Verifying integrity of file system data structures
US20070005992A1 (en) * 2005-06-30 2007-01-04 Travis Schluessler Signed manifest for run-time verification of software program identity and integrity
US20100299315A1 (en) * 2005-08-09 2010-11-25 Nexsan Technologies Canada Inc. Data archiving system
US8667273B1 (en) * 2006-05-30 2014-03-04 Leif Olov Billstrom Intelligent file encryption and secure backup system
US20080104403A1 (en) * 2006-09-29 2008-05-01 Shay Gueron Methods and apparatus for data authentication with multiple keys
US8527979B2 (en) * 2007-02-15 2013-09-03 Oracle America, Inc. Apparatus and method fro maintaining a software repository
US20090031170A1 (en) * 2007-07-26 2009-01-29 Teppei Tsurumi System and method to facilitate automatic globalization verification test
US20090287473A1 (en) * 2008-05-15 2009-11-19 International Business Machines Corporation Method for Distributing Translated Resources from a Unified Source
US20110283085A1 (en) * 2010-05-17 2011-11-17 Oracle International Corporation System and method for end-to-end data integrity in a network file system
US8983870B2 (en) * 2010-08-18 2015-03-17 Snap-On Incorporated Apparatus and method for managing software applications using partitioned data storage devices
US8984293B2 (en) * 2010-11-19 2015-03-17 Microsoft Corporation Secure software product identifier for product validation and activation
US8838964B2 (en) 2010-11-30 2014-09-16 Red Hat, Inc. Package audit tool
US20130103651A1 (en) * 2011-10-23 2013-04-25 Microsoft Corporation Telemetry file hash and conflict detection
CN102945241A (en) * 2011-10-28 2013-02-27 新游游戏株式会社 Hash data structure used for file comparison,hash comparison system and method
US20130151861A1 (en) * 2011-12-08 2013-06-13 Raytheon Company System and method to protect computer software from unauthorized use
US20140013390A1 (en) * 2012-07-05 2014-01-09 Cyber-Ark Software Ltd. System and method for out-of-band application authentication
US20150033202A1 (en) 2013-07-26 2015-01-29 Fujitsu Limited Method and apparatus for porting source code
US9336389B1 (en) * 2013-08-19 2016-05-10 Amazon Technologies, Inc. Rapid malware inspection of mobile applications
US20150161153A1 (en) * 2013-12-06 2015-06-11 International Business Machines Corporation File versions within content addressable storage
US20160380771A1 (en) * 2013-12-16 2016-12-29 Morpho Binary code authentication
US20170031669A1 (en) * 2014-04-30 2017-02-02 Allscripts Software, Llc Software verification system and methods
US20160253769A1 (en) * 2015-02-26 2016-09-01 Don Waldhalm Method of preserving secrecy during source code comparison
US20160285636A1 (en) * 2015-03-27 2016-09-29 Comcast Cable Communications, Llc Methods And Systems For Key Generation

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"Trusted Software Check"; An IP.com Prior Art Database Technical Disclosure; IP.com No. 000226292; Mar. 26, 2013; pp. 1-3.
CN102945251A Translation. *

Also Published As

Publication number Publication date
US20180225470A1 (en) 2018-08-09
US20170017798A1 (en) 2017-01-19

Similar Documents

Publication Publication Date Title
US9280337B2 (en) Secured distribution of software updates
US8543998B2 (en) System and method for building virtual appliances using a repository metadata server and a dependency resolution service
US8683430B2 (en) Synchronizing development code and deployed executable versioning within distributed systems
US8122256B2 (en) Secure bytecode instrumentation facility
US20140033188A1 (en) System updates from cloud blob storage using vhd differentials
KR101944570B1 (en) Transformational context-aware data source management
US8776239B2 (en) In-development vulnerability response management
US8108536B1 (en) Systems and methods for determining the trustworthiness of a server in a streaming environment
US8645942B2 (en) Software update syndication
US20150339113A1 (en) Identification and handling of items to be ignored for synchronization with a cloud-based platform by a synchronization client
CN102521081A (en) Repairing corrupt software
US20130232229A1 (en) Distribution of Application Files
US9575739B2 (en) Performing unattended software installation
US9542539B2 (en) Managing software deployment
US20140040873A1 (en) Updating Applications Using Migration Signatures
US20160092190A1 (en) Method, apparatus and system for inspecting safety of an application installation package
WO2014176150A1 (en) Systems and methods for replacing application methods at runtime
US8799662B2 (en) Method and apparatus for validating the integrity of installer files prior to installation
US8838964B2 (en) Package audit tool
CN102880456B (en) Method and system for loading plug-ins
US9721101B2 (en) System wide root of trust chaining via signed applications
US10032028B2 (en) Method for processing UEFI protocols and system therefor
US20110314451A1 (en) Validating translations of externalized content for inclusion in an application
US9229741B2 (en) Mobile terminal and application providing method for the same
US9633210B2 (en) Keying infrastructure

Legal Events

Date Code Title Description
AS Assignment

Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION, NEW Y

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:BHAT, BADEKILA GANESH PRASHANTH;GOKAVARAPU, NAGESWARARAO V.;KURIAN, JOHN;AND OTHERS;REEL/FRAME:036122/0186

Effective date: 20150716

STCF Information on status: patent grant

Free format text: PATENTED CASE